Publications

The draft Digital Services Package (the “Package”) released by the European Commission (the “Commission”) on 15 December 2020 is the most significant reform of European internet regulations in the past two decades. The Package will significantly impact the offering and use of digital services in the European Union (“EU”), not only for certain large systemic platforms, but for all intermediary services providers, as well as their users (business users and end-users).

The Package includes two regulations: the Digital Services Act (the “DSA”) and the Digital Markets Act (the “DMA”). The DSA sets new obligations for digital services providers to contribute to online safety through the fight against the spread of illegal content and the protection of online fundamental rights. The DMA imposes specific obligations on large online platforms identified as “gatekeepers” to avoid unfair practices and lack of contestability.

The DSA: “With Size Comes Responsibility”—A Set of Multifaceted Obligations for Digital Services Providers

The DSA will apply to all online intermediary services (with certain exceptions for micro and small companies)—including internet access providers, domain name registrars, hosting services, online marketplaces, app stores, collaborative economy platforms, social media platforms, etc.—whether established in the EU or outside, as long as they offer their services within the EU.

For all platforms, the DSA upholds existing EU principles of liability exemption (intermediary services providers shall not be held liable for illegal content posted by their users, unless they fail to make that content inaccessible once they are made aware of it) and the prohibition of general monitoring. In addition, the DSA defines different sets of obligations, depending on the platforms, their size and the risks they cause.

Common Due Diligence Obligations for All Intermediary Services Providers

The DSA imposes several obligations on all intermediary services providers, including:

1. Transparency reporting obligations in respect of the platforms’ content moderation activity, whether engaged at their own initiative or in response to complaints, orders or notices;
2. Disclosure of the restrictions imposed on the use of their services (policies, procedures, measures and tools used for the purpose of content moderation, including algorithmic decision-making and human review);
3. Cooperation with national authorities following orders to act against a specific item of illegal content; and
4. Designation of an appropriate point of contact and, where necessary, legal representatives.

Additional Obligations for Hosting Services Providers and Online Platforms

Providers of hosting services will be required to put in place a user-friendly “notice and action” mechanism (to allow users to notify them of illegal content) and respond timely to any such notification.

Online platforms (excluding micro and small companies) will have to comply with a number of additional obligations including:

1. Set internal complaint-handling and out-of-court dispute settlement mechanisms to enable users to effectively contest decisions that affect them;
2. Provide diligent treatment of notices submitted through the “notice and action” mechanism by “trusted flaggers” (i.e., entities with expertise in tackling illegal content);
3. Define appropriate safeguards, such as suspension measures, against misuse of services (i.e., frequent provision of manifestly illegal content, or submission of unfounded notices or complaints);
4. Set strict traceability of traders in online platforms; and
5. Comply with advertising transparency obligations to inform users, in real time, of when and on whose behalf an advertisement is displayed, the main parameters used to determine why a specific user is targeted, and whether the advertisement is based on profiling.

Very Large Platforms Will Be Subject to Higher Standards of Accountability and Trransparency

In addition to the above, very large platforms, i.e., platforms reaching an average monthly active users of more than 45 million or 10% of the Union population, will:

1. Have to assess the “systemic” risks their systems pose such as the spread of illegal content and develop appropriate risk management tools to mitigate these risks; and
2. Be subject to additional obligations including: (i) appointing a dedicated compliance officer responsible for monitoring compliance with the DSA and conducting annual independent risk audits; (ii) providing transparency on the algorithms used to offer content on their platforms (i.e., ranking mechanisms); (iii) compiling and making publicly available a repository with detailed information on the online advertisements they served on their platforms on an annual basis; and (iv) upon request, providing access to data necessary to monitor and assess compliance with the DSA to the Commission or national digital services coordinators and to “vetted researchers” which contribute to the identification and understanding of systemic risks.

The Commission will have the power to supervise, investigate and enforce these obligations on very large platforms, including to adopt infringement decisions and impose fines of up to 6% of their total turnover in the preceding fiscal year.

The DMA: A Tool Against Unfair Practices From “Gatekeepers”

The DMA is a specific regulation for certain core platform services providers which have a systemic role in the European internal market and function as gateways between businesses and consumers for important digital services. Those platforms are defined by the DMA as “gatekeepers”—a concept that is different from the DSA’s “very large platforms.” The DMA’s objective is to give smaller platforms greater capabilities to compete with these gatekeepers.

How Will Gatekeepers Be Identified?

The DMA will apply only to core platform services providers.[1] If such providers meet the three quantitative criteria below, they will be presumed to be gatekeepers:

6. Size: the group to which the provider belongs either (i) achieved an annual EEA-wide turnover of EUR 6.5 billion or more in the last three financial years, or (ii) has an average market capitalisation or fair market value of at least EUR 65 billion in the last financial year; and the provider’s core platform service is present in at least three Member States;
7. Role: the core platform service has more than 45 million monthly active end-users established or located in the EU and more than 10,000 yearly active business users established in the EU in the last financial year; and
8. Durability: the provider has an “entrenched and durable position in its operations.” This criterion will be satisfied if the thresholds in point b) have been met in each of the last three financial years.

The Commission will also be able to identify gatekeepers not captured by the DMA’s quantitative thresholds on a case-by-case basis as a result of a market investigation.

What Will Be the Gatekeepers’ Duties?

Gatekeepers will have to proactively implement practices to promote a fair environment for other businesses, whilst refraining from engaging in unfair practices. For instance, gatekeepers should:

1. Allow third parties to inter-operate with the gatekeeper’s own services in specific situations;
2. Allow their business users to access the data that they generate in their use of the gatekeeper’s platform; and
3. Allow their business users to promote their offers and conclude contracts with their customers outside the gatekeeper’s platform.

By contrast, gatekeepers should not:

1. Treat services and products offered by the gatekeeper itself more favourably in ranking than similar services or products offered by third parties on the gatekeeper’s platform;
2. Prevent consumers from linking up to businesses outside their platforms; or
3. Prevent users from un-installing any pre-installed software or app if they wish so.

Gatekeepers will be required to inform the Commission of any intended concentration involving another provider of core platform services or any other services provided in the digital sector, irrespective of whether the transaction is notifiable to a Union competition authority.

What Are the Sanctions for Failing to Comply With the DMA?

Where a gatekeeper does not satisfy its obligations under the DMA, the Commission will have the power to adopt a non-compliance decision with a fine of up to 10% of the gatekeeper’s total turnover in the preceding financial year. The Commission will also be able to impose behavioral or structural remedies in case of systematic infringements (i.e., issuance by the Commission of at least three non-compliance or fining decisions under the DMA within a five year period).

Next Steps

The European Parliament and Member States will discuss these proposals in the coming months. Once enforceable, the new regulations will be directly applicable across all Member States and have extensive consequences for online platforms.

[1] “Core platform services” means online intermediation services, online search engines, online social networking services, video-sharing platform services, number-independent interpersonal communication services, operating systems, cloud computing services and advertising services.